Docker Registry
Install and run Let's Encrypt to generate the certificates for a domain registered to the public address.
**NEED TO ADD LETSENCRYPT PROCEDURE TO ANSIBLE**
- Grante Marshall: add Let's Encrypt to Ansible
Password file generation (using docker image)
docker run --rm --entrypoint htpasswd registry:2 -Bbn heedocker TransformUK2016 >> /home/heetis/auth/htpasswd
Create a blob storage instance in the availability zone where you want to deploy the repository.
In this case the instance was created in the UK South availability zone and given the name "heetisdockerregistry".
Run the private Docker registry manually on the VM, using the certificates generated with Let's Encrypt and Azure's blob storage:
docker run -d -p 0.0.0.0:5000:5000 \
-v /home/heetis/certs:/certs \
-v /home/heetis/auth:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
-e REGISTRY_STORAGE=azure \
-e REGISTRY_STORAGE_AZURE_ACCOUNTNAME="heetisdockerregistry" \
-e REGISTRY_STORAGE_AZURE_ACCOUNTKEY="CYP7UkbKHme6qzVJxkDTaYi5h6bI9EMe+cGjDki9I4aGt9F8WSP4sCJmXngkC/DG8BvvTi0nnwMvMy/y40h3hw==" \
-e REGISTRY_STORAGE_AZURE_CONTAINER="registry" \
--name=registry \
registry:2
** This is required to be added to the devops docker-compose automation scripts to be run on Jenkins
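A preflight check for the manual run above, as an added example that is not part of the original page: it writes the registry settings to an owner-only env file instead of passing the storage key with `-e`, and checks the htpasswd and TLS key files before the container starts. Paths are the ones used on this page; the `registry.env` file name and the `AZURE_KEY` variable are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Paths follow the page; the
# registry.env file name and the AZURE_KEY variable are assumptions.

# Write the registry settings to an owner-only file (docker --env-file format,
# values unquoted) so the storage key is not typed on the docker command line.
write_registry_env() {
    env_file=$1 account=$2 key=$3
    ( umask 077
      cat > "$env_file" <<EOF
REGISTRY_AUTH=htpasswd
REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm
REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd
REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt
REGISTRY_HTTP_TLS_KEY=/certs/domain.key
REGISTRY_STORAGE=azure
REGISTRY_STORAGE_AZURE_ACCOUNTNAME=$account
REGISTRY_STORAGE_AZURE_ACCOUNTKEY=$key
REGISTRY_STORAGE_AZURE_CONTAINER=registry
EOF
    )
    chmod 600 "$env_file"   # also tightens a file that already existed
}

# True only for a regular file (symlinks followed) with no group/other bits.
is_private() {
    [ -f "$1" ] || return 1
    case $(ls -ldL "$1") in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# The registry accepts only bcrypt htpasswd entries; blank lines are skipped.
htpasswd_is_bcrypt() {
    entries=$(grep -v '^[[:space:]]*$' "$1" 2>/dev/null) || return 1
    ! printf '%s\n' "$entries" | grep -Evq '^[^:]+:\$2[aby]\$[0-9]{2}\$.{53}$'
}

preflight() {  # usage: preflight AUTH_DIR CERTS_DIR ENV_FILE
    htpasswd_is_bcrypt "$1/htpasswd" || { echo "htpasswd: empty or non-bcrypt entry" >&2; return 1; }
    is_private "$2/domain.key" || { echo "domain.key: readable by group or other" >&2; return 1; }
    is_private "$3" || { echo "env file: readable by group or other" >&2; return 1; }
}
# write_registry_env /home/heetis/registry.env heetisdockerregistry "$AZURE_KEY" &&
# preflight /home/heetis/auth /home/heetis/certs /home/heetis/registry.env &&
# docker run -d -p 0.0.0.0:5000:5000 -v /home/heetis/certs:/certs \
#   -v /home/heetis/auth:/auth --env-file /home/heetis/registry.env \
#   --name=registry registry:2
```

The storage key is still visible in `docker inspect` output to anyone with access to the Docker socket on the VM.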